Module 1: Preparing your environment for the lab

Learning objectives

By the end of this module, you will be able to:

Verify cluster version, and admin access required for TSF installation
Install Podman and create an initial environment file (tsf.env) with OpenShift Container Platform API credentials
Run the installer container and confirm your environment loads inside it
Authenticate to the cluster from inside the installer container using the oc

Introduction

Before installing TSF, you need a healthy OpenShift Container Platform cluster and a workstation setup that can run the installer. This module walks you through validating cluster prerequisites, installing Podman, creating an initial tsf.env for cluster credentials, and confirming authentication from inside the installer container.

Think of this as TechCorp’s platform engineering team validating access to the cluster and local tooling before onboarding a repository to the secure software supply chain.

Exercise 1: Verify cluster prerequisites

In this exercise, you will verify that your OpenShift Container Platform cluster meets the requirements for TSF installation.

Verify cluster version

Login to your OpenShift Container Platform cluster using the oc CLI.

Use your cluster Kubernetes API endpoint (typically https://api.<cluster>:6443; it matches https://api.cluster-abc123.ocpv00.rhdp.net:6443 in this workshop and aligns with OCP__API_ENDPOINT for the installer shell).
```
oc login https://api.cluster-abc123.ocpv00.rhdp.net:6443
```
Check the cluster version to ensure it meets the minimum requirement.
```
oc version
```
Expected output:
```
Client Version: 4.20.x
Kubernetes Version: v1.33.x
Server Version: 4.20.x
```

Verify cluster topology

Check that you have at least 3 nodes with the master role in your cluster.

oc get nodes

Expected output:

NAME                                         STATUS   ROLES                  AGE   VERSION
master-0.cluster-abc123.ocpv00.rhdp.net     Ready    control-plane,master   5d    v1.33.4
master-1.cluster-abc123.ocpv00.rhdp.net     Ready    control-plane,master   5d    v1.33.4
master-2.cluster-abc123.ocpv00.rhdp.net     Ready    control-plane,master   5d    v1.33.4

Verify

✓ Cluster is running OpenShift Container Platform 4.20 or later
✓ Cluster has 3 or more nodes (not Single Node OpenShift)

Exercise 2: Create the environment configuration file

In this exercise, you will create the tsf.env file that holds the OpenShift Container Platform variables the installer image loads before you authenticate with oc from inside the container.

Install Podman locally

If you haven’t already done so, install Podman on your local workstation.

For RHEL/Fedora:

sudo dnf install podman

For macOS:

brew install podman

Verify installation:

podman --version

Docker is not supported. You must use Podman for this installation.

Create tsf.env

Create a file named tsf.env with the following content:

OCP__API_ENDPOINT=<your_cluster_api_url>
OCP__USERNAME=<your_cluster_admin_username>
OCP__PASSWORD=<your_cluster_admin_password>

Replace the placeholders with your actual values.

Example tsf.env

Here’s an example for TechCorp:

OCP__API_ENDPOINT=https://api.cluster-abc123.ocpv00.rhdp.net:6443
OCP__USERNAME=kubeadmin
OCP__PASSWORD=S3cur3P@ssw0rd

Secure the file

The tsf.env file contains sensitive credentials. Protect this file:

chmod 600 tsf.env

Do not commit this file to version control.

Verify

✓ Podman installed on local workstation
✓ tsf.env file created with OCP credential variables
✓ File permissions set to 600
✓ All placeholders replaced with actual values

Exercise 3: Start the installer container

In this exercise, you will pull and run the TSF installer container.

Run the installer

On your local workstation, ensure you’re in the directory containing your tsf.env file.
Run the installer container with Podman.
```
podman run -it --rm --env-file tsf.env \
  --entrypoint bash --pull always \
  quay.io/redhat-ads/tsf-cli:latest --login
```
This command:
- Pulls the latest installer image
- Loads environment variables from tsf.env
- Starts an interactive bash shell inside the container

Verify container is running

You should see output indicating the image is being pulled, followed by a bash prompt inside the container:

Trying to pull quay.io/redhat-ads/tsf-cli:latest...
Getting image source signatures
...
bash-5.1$

Verify

✓ Installer container downloaded successfully
✓ Interactive bash shell is running
✓ Environment variables from tsf.env are loaded

The --pull always flag ensures you get the latest installer version. The image is updated frequently.

Exercise 4: Login to the cluster

In this exercise, you will authenticate to your OpenShift Container Platform cluster from within the installer container.

Login with oc CLI

Inside the container, login to your cluster using the oc CLI.
```
oc login "$OCP__API_ENDPOINT" \
  --username "$OCP__USERNAME" \
  --password "$OCP__PASSWORD"
```
The environment variables from tsf.env are automatically available.
Verify if your current user has administrator (cluster-admin) permissions across the cluster.
```
oc auth can-i '*' '*' --all-namespaces
```
Expected output:
```
yes
```

Verify

✓ Successfully authenticated to OpenShift Container Platform cluster
✓ Cluster-admin user confirmed

Learning outcomes

Let’s verify what you’ve accomplished in this module:

✓ You verified your OpenShift Container Platform cluster meets the requirements (4.20, 3 nodes)
✓ You installed Podman locally and created an initial tsf.env with OCP credential variables populated
✓ You pulled and ran the installer container so your environment loads in the interactive shell
✓ You logged in with oc from inside the container and confirmed your cluster-admin identity

Summary

In this module, you prepared your workstation and validated access for TSF installation:

Verified cluster prerequisites and connectivity
Installed Podman and secured an initial tsf.env containing OpenShift Container Platform credentials
Started the installer container and confirmed your environment loads inside it
Authenticated to the cluster from the installer shell

You can continue with the Konflux onboarding exercise in the next module.